<?php

class WebUser extends CWebUser {
	
	protected function beforeLogin( $id, $states, $fromCookie )
    {
        //If the login is not cookie-based then there is no point to check
        if( !$fromCookie ) {
            return true;
        }
 
        //The cookie isn't here, we refuse the login
        if( !isset( Yii::app()->request->cookies[UserIdentity::LOGIN_TOKEN] ) ){
            return false;
        }
 
        $user = User::model()->notsafe()->findbyPk( $id );
        $cookieLoginToken = Yii::app()->request->cookies[ UserIdentity::LOGIN_TOKEN ]->value;
        if( isset( $cookieLoginToken, $user ) && $cookieLoginToken == $user->loginToken ) {
            return true;
        }
        return false;
    }
}
